Skip to content
Mar 17 / Greg

Trunking To A Nexus Switch

40 10Gb ports, of which 16 can run in 1Gb mode. Dual PSU with 5 fans.

40 10Gb ports, of which 16 can run in 1Gb mode. Dual PSU with 5 fans.


I’m using a Nexus 5020, and attempting to trunk a 7606 running service provider code…but for some reason VLANs aren’t passing.

I issue the following on the 7606:

1
2
3
4
5
6
7
8
9
10
11
12
13

7606#show int te1/1 trunk
 
Port                Mode         Encapsulation  Status        Native vlan
Te1/1               on           802.1q         trunking      1
 
Port                Vlans allowed on trunk
Te1/1               1650-1699
 
Port                Vlans allowed and active in management domain
Te1/1               1650-1653
 
Port                Vlans in spanning tree forwarding state and not pruned
Te1/1               1650-1653

This tells me everything is passing here…what happens when I do the same on the Nexus side:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

Nexus5020# show int e1/17 trunk
 
--------------------------------------------------------------------------------
Port          Native  Status        Port
              Vlan                  Channel
--------------------------------------------------------------------------------
Eth1/17       1       trunking      --
 
--------------------------------------------------------------------------------
Port          Vlans Allowed on Trunk
--------------------------------------------------------------------------------
Eth1/17       1,1650-1699
 
--------------------------------------------------------------------------------
Port          Vlans Err-disabled on Trunk
--------------------------------------------------------------------------------
Eth1/17       none
 
--------------------------------------------------------------------------------
Port          STP Forwarding
--------------------------------------------------------------------------------
 
 
--------------------------------------------------------------------------------
Port          Vlans in spanning tree forwarding state and not pruned
--------------------------------------------------------------------------------
 
--------------------------------------------------------------------------------
Port          Vlans Forwarding on FabricPath
--------------------------------------------------------------------------------
Eth1/17       none

As you can see above, none of the VLANs are “STP Forwarding”…but what could be the problem?

It turns out that Nexus chassis have a new feature called Bridge Assurance. It is an enhancement that helps protect against unidirectional link failure. Any port designated as “spanning-tree port type network” has it enabled by default. It expects that the switch on the other end supports the feature and is sending crafted BPDUs over to you. If you happen to be trunking to a standard catalyst switch, then it basically blocks all VLANs from passing on the port! How do we work around it…by disabling it.

You have to globally disable the feature with:

1

no spanning-tree bridge assurance

.
Magically, your VLANs will begin passing:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

Nexus5020# show int e1/17 trunk
 
--------------------------------------------------------------------------------
Port          Native  Status        Port
              Vlan                  Channel
--------------------------------------------------------------------------------
Eth1/17       1       trunking      --
 
--------------------------------------------------------------------------------
Port          Vlans Allowed on Trunk
--------------------------------------------------------------------------------
Eth1/17       1,1650-1699
 
--------------------------------------------------------------------------------
Port          Vlans Err-disabled on Trunk
--------------------------------------------------------------------------------
Eth1/17       none
 
--------------------------------------------------------------------------------
Port          STP Forwarding
--------------------------------------------------------------------------------
Eth1/17       1,1650-1653
 
--------------------------------------------------------------------------------
Port          Vlans in spanning tree forwarding state and not pruned
--------------------------------------------------------------------------------
 
--------------------------------------------------------------------------------
Port          Vlans Forwarding on FabricPath
--------------------------------------------------------------------------------
Eth1/17       none

This seems to be a little documented feature and generally takes a little google-fu to find it. Good luck and happy switching my friends.

Filed under Cisco, Hardware, Networking

2 Comments

leave a comment
  1. Tim Payne / Mar 21 2015

    Good to see you posting again. That’s some serious Ferrari you have at the house.. 🙂 🙂
    Are you going to be presenting in Miami this year?

  2. Greg / Mar 22 2015

    @Tim
    Indeed sir, I’m posting…for now 🙂 When life gets going, this is something I sacrifice. I was studying to recertify and I didn’t have a life for a few months there.

    I wish I could afford to grab any gear for the house. I wish I could have someone send me cosmetically broken gear for free heh. I’m sure I could think of SOMETHING to do with it.

Leave a Comment

 

CAPTCHA

*